Openmaize v2.0.0 Openmaize.OnetimePass

Module to handle one-time passwords for use in two factor authentication.

There is one option that needs to be set:

  • db_module - the module that is used to query the database

    • in most cases, this will be generated by mix openmaize.gen.ectodb and will be called MyApp.OpenmaizeEcto
    • if you implement your own database module, it needs to implement the Openmaize.Database behaviour

There are also the following options for the one-time passwords:

  • HMAC-based one-time passwords

    • token_length - the length of the one-time password
    • the default is 6
    • last - the count when the one-time password was last used
    • this count needs to be stored server-side
    • window - the number of future attempts allowed
    • the default is 3
  • Time-based one-time passwords

    • token_length - the length of the one-time password
    • the default is 6
    • interval_length - the length of each timed interval
    • the default is 30 (seconds)
    • window - the number of attempts, before and after the current one, allowed
    • the default is 1 (1 interval before and 1 interval after)
    • you might need to increase this window to allow for clock skew on the server

See the documentation for the Comeonin.Otp module for more details about generating and verifying one-time passwords.

Examples

Add the following line to your controller to call OnetimePass with the default values:

plug Openmaize.OnetimePass, [db_module: MyApp.OpenmaizeEcto] when action in [:login_twofa]

And to set the token length to 8 characters:

plug Openmaize.OnetimePass, [db_module: MyApp.OpenmaizeEcto, token_length: 8]
  when action in [:login_twofa]

Summary

Functions

Handle the one-time password POST request

Functions

call(conn, arg)

Handle the one-time password POST request.

If the one-time password check is successful, the user will be added to the session.

init(opts)